【作者】 彭成；

【导师】 杨路明；

【作者基本信息】 中南大学 ， 计算机科学与技术， 2013， 博士

【摘要】 摘要：软件已经成为国民经济的支柱产业,在人们的日常生活中起着越来越重要的作用。由软件质量缺陷引发的损失和灾难,却一直困扰着人们。特别是网络化软件的出现,使得保障和提高软件的可靠性、安全性等可信属性面临极大挑战。网络化软件的复杂特征研究已经成为一个热点问题,而以网络化软件运行时交互行为为研究对象,掌握其行为规律和内部机理等交互行为过程中隐藏的行为特性,是解决网络化软件可信性问题的关键之一。因此,网络化软件运行时交互行为过程特性研究具有很强的现实意义。现行的针对传统软件的行为分析方法,不仅没有考虑网络化软件复杂的运行环境,而且对构成网络化软件的基础设施和软件实体本身的结构和行为的复杂性都缺乏表达能力。如何在开放、难控、动态的网络环境下,对这类结构复杂、行为复杂和多重复杂性融合在一起的网络化软件运行时产生的交互行为,从不同层次挖掘其行为过程特性,进行准确的行为描述、构建高效的行为模型、实时充分地展开异常行为传播分析,并将这些方法应用于实际系统中,对推动网络化软件的实证研究都具有重要的挑战意义。针对网络化软件运行时多实体并行执行产生的行为踪迹标记丢失、缺失行为主体,而无法识别这些行为踪迹由哪些事务生成等问题,本文提出了对这类带部分标记和不带标记的不完全事务分别采用网络流和二分图匹配的方法,进行重新标记。该方法能有效解决上述问题,为时间上交错,空间上重叠的行为踪迹找到行为主体,便于网络化软件运行时的行为描述。针对现有行为建模方法在监控收集的日志文档格式无标准、约束条件不充分、模型空间冗余、状态设置不合理等问题,本文提出了基于不变量约束的交互行为动态建模方法。该方法从预先设定格式监控收集的行为日志中抽取出六类不变量,对模型中的事件关联进行约束,并采用精化和抽象的方法确保模型的确定性和完备性。不变量的挖掘算法和建模算法具有良好的时空效率。对模型中的反例路径分析,可揭示系统中存在的潜在威胁,验证已知漏洞。针对现有异常行为分析方法对异常行为传播特征的描述不充分、检测能力有限等问题,本文提出了从不同粒度审视网络化软件,将仓室模型和个体模型结合起来,构建出描述异常行为传播的过程模型。同时提出影响异常行为传播的三类参数,传播概率、交互频率和连接率,并给出了相关定义及其计算方法,增强了对异常行为传播分析的准确性,对网络化软件系统中存在的由错误和漏洞引发的异常行为预测和牵制控制也具有启发作用。以在线电子购物系统软件为实例,与研究的每一个阶段相结合,验证了上述方法的有效性和可行性,包括对软件交互行为的描述、动态模型的构建指导、以及通过异常行为传播分析提高系统可靠性等。本文通过研究网络化软件运行时交互行为过程特性,提出的一整套方案,为提高网络软件的可信性开辟了新思路。更多还原

【Abstract】 ABSTRACT:Software has become a mainstay industry of the national economy, and plays an increasingly important role in people’s daily life. However, the loss and disaster caused by the software quality defects, has been made people disappointed. Especially the emergency of networked software, ensuring and improving the software credibility attributes like reliability and safety facing great challenges. Research on networked software complex characteristics has become a hot issue, it is one of the key to solve the network software credibility problem that take networked software runtime interactive behavior as the research object, and grasp the behavior execution law and the internal mechanism. Therefore, researching the networked software runtime interactive behavior process characteristic has a strong practical significance.The current behavior analysis method for traditional software, neither consider the complex operating environment, nor have the ability to express the infrastructure, software entities structure, and behavior complexity of the networked software. Under open, uncontrollable, dynamic internet environment, how to accurately describe interactive behavior, construct efficient behavioral models, and sufficiently take abnormal behavior spreading analysis for this kind of networked software with complex structure, complex behavior and multiple fusion complexes, and finally apply the method to the actual system, which has important challenges significance in promoting empirical research and improving the credibility of networked software.In consideration of the existing problems such as footprints token lost, missing actors, and can not recognize which transactions generate these behavior footprints when networked software multi-entity parallel executed the method of network flow and bipartite graph matching for separately re-tokenizing the incomplete transaction with part tokens and without tokens is then presented. This method can effectively solve the above problem, and find actors for the behavior footprints which temporally staggered and spatial overlapped. Therefore, facilitate the description of the networked software runtime behavior.In consideration of the existing problems such as lack of log format standards, inadequate constraints condition, model spatial redundancy, unreasonable status setting, the method based on invariant constrains for dynamic modeling is then presented. Six types of invariants extracted from a pre-set format behavior log to constraint event correlation, refinement and abstraction is adopted to ensure the model certainty and completeness. By anglicizing the counterexample path in the model can reveal the potential threat in the existing system, and verify the known vulnerabilities.In consideration of the existing problems such as inadequate description of the abnormal behavior propagation characteristics, limited detective ability of the model, a method of investigating the networked software from different view, combining the compartment model and the individual model to construct the abnormal behavior propagation model is then presented. Three types of parameters, spread probability, interaction frequency and connection rate, which affecting the spread of abnormal behavior were proposed, and related definition and calculation method are also investigated, which not only enhances the analysis accuracy of abnormal behavior propagation but show us some light on abnormal behavior predicting and pinning control.Based on the modeling and analysis methods of networked software discussed above, we have further studied the online electronic trading system, verified the feasibility of these methods, including software interactive behavior description, dynamic modeling, reliability improvement by abnormal behavior propagation analysis. Thus the thesis opens a new theoretic way to improve the credibility of networked software.更多还原